question about models, ar, and sql strings
#4

CroNiX
Basically you would have to manually escape any input before saving it, like you would in any other app (mysql_escape_string).

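// escape() escapes string data and adds the surrounding single quotes itself
$name = $this->db->escape($this->input->post('name'));

// so $name is not wrapped in quotes again here
$this->db->query("UPDATE `table` SET `name` = $name WHERE `id` = 4");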

If you use AR, CI does this for you on all values being inserted/updated. AR also protects your identifiers automatically by using the backticks (`).

$name = $this->input->post('name');
$this->db->where('id', 4)->update('table', array('name' => $name));

